The digital and physical worlds are on an irreversible collision course. By 2022, organizations will be plunged into crisis as ruthless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will ravage infrastructure.
Over the coming years organizations will experience growing disruption as threats from the digital world have an impact on the physical. Invasive technologies will be adopted across both industrial and consumer markets, creating an increasingly turbulent and unpredictable security environment. The requirement for a flexible approach to security and resilience will be crucial as a hybrid threat environment emerges.
The impact of threats will be felt on an unprecedented scale as ageing and neglected infrastructure is attacked, with services substantially disrupted due to vulnerabilities in the underlying technology. Mismanagement of connected assets will provide attackers with opportunities to exploit organizations.
A failure to understand the next generation of workers, the concerns of consumers and the risk posed by deceptive technology will erode the trust between organizations, consumers and investors. As a result, the need for a digital code of ethics will arise in order to protect brand reputation and profitability.
Organizations will have to adapt quickly to survive when digital and physical worlds collide. Those that don’t will find themselves exposed to threats that will outpace and overwhelm them.
At the Information Security Forum, we recently released Threat Horizon 2021, the latest in an annual series of reports that provide businesses a forward-looking view of the increasing threats in today’s always-on, interconnected world. In Threat Horizon 2021, we highlighted the top three threats to information security emerging over the next two years, as determined by our research.
Let’s take a quick look at these threats and what they mean for your organization:
THREAT #1: INVASIVE TECHNOLOGY DISRUPTS THE EVERYDAY
New technologies will further invade every element of daily life with sensors, cameras and other devices embedded in homes, offices, factories and public spaces. A constant stream of data will flow between the digital and physical worlds, with attacks on the digital world directly impacting the physical and creating dire consequences for privacy, well-being and personal safety.
Augmented Attacks Distort Reality: The development and acceptance of AR technologies will usher in new immersive opportunities for businesses and consumers alike. However, organizations leveraging this immature and poorly secured technology will provide attackers with the chance to compromise the privacy and safety of individuals when systems and devices are exploited.
Behavioral Analytics Trigger A Consumer Backlash: Organizations that have invested in a highly connected nexus of sensors, cameras and mobile apps to develop behavioral analytics will find themselves under intensifying scrutiny from consumers and regulators alike as the practice is deemed invasive and unethical. The treasure trove of information harvested and sold will become a key target for attackers aiming to steal consumer secrets, with organizations facing severe financial penalties and reputational damage for failing to secure their information and systems.
Robo-Helpers Help Themselves to Data: A range of robotic devices, developed to perform a growing number of both mundane and complex human tasks, will be deployed in organisations and homes around the world. Friendly-faced, innocently-branded, and loaded with a selection of cameras and sensors, these constantly connected devices will roam freely. Poorly secured robo-helpers will be weaponized by attackers, committing acts of corporate espionage and stealing intellectual property. Attackers will exploit robo-helpers to target the most vulnerable members of society, such as the elderly or sick at home, in care homes or hospitals, resulting in reputational damage for both manufacturers and corporate users.
THREAT #2: NEGLECTED INFRASTRUCTURE CRIPPLES OPERATIONS
The technical infrastructure upon which organizations rely will face threats from a growing number of sources: man-made, natural, accidental and malicious. In a world where constant connectivity and real-time processing is vital to doing business, even brief periods of downtime will have severe consequences. It is not just the availability of information and services that will be compromised – opportunistic attackers will find new ways to exploit vulnerable infrastructure, steal or manipulate critical data and cripple operations.
Edge Computing Pushes Security to the Brink:In a bid to deal with ever-increasing volumes of data and process information in real time, organizations will adopt edge computing – an architectural approach that reduces latency between devices and increases speed – in addition to, or in place of, cloud services. Edge computing will be an attractive choice for organizations, but will also become a key target for attackers, creating numerous points of failure. Furthermore, security benefits provided by cloud service providers, such as oversight of particular IT assets, will also be lost.
Extreme Weather Wreaks Havoc on Infrastructure:Extreme weather events will increase in frequency and severity year-on-year, with organizations suffering damage to their digital and physical estates. Floodplains will expand; coastal areas will be impacted by rising sea levels and storms; extreme heat and droughts will become more damaging; and wildfires will sweep across even greater areas. Critical infrastructure and data centers will be particularly susceptible to extreme weather conditions, with business continuity and disaster recovery plans pushed to breaking point.
The Internet of Forgotten Things Bites Back: IoT infrastructure will continue to expand, with many organizations using connected devices to support core business functions. However, with new devices being produced more frequently than ever before, the risks posed by multiple forgotten or abandoned IoT devices will emerge across all areas of the business. Unsecured and unsupported devices will be increasingly vulnerable as manufacturers go out of business, discontinue support or fail to deliver the necessary patches to devices. Opportunistic attackers will discover poorly secured, network-connected devices, exploiting organizations in the process.
THREAT #3: A CRISIS OF TRUST UNDERMINES DIGITAL BUSINESS
Bonds of trust will break down as emerging technologies and the next generation of employee’s tarnish brand reputations, compromise the integrity of information and cause financial damage. Those that lack transparency, place trust in the wrong people and controls, and use technology in unethical ways will be publicly condemned. This crisis of trust between organizations, employees, investors and customers will undermine organizations’ ability to conduct digital business.
Deepfakes Tell True Lies: Digital content that has been manipulated by AI will be used to create hyper-realistic copies of individuals in real-time – deepfakes. These highly plausible digital clones will cause organizations and customers to lose trust in many forms of communication. Credible fake news and misinformation will spread, with unwary organizations experiencing defamation and reputational damage. Social engineering attacks will be amplified using deepfakes, as attackers manipulate individuals with frightening believability.
The Digital Generation Become the Scammer’s Dream: Generation Z will start to enter the workplace, introducing new information security concerns to organizations. Attitudes, behaviors, characteristics and values exhibited by the newest generation will transcend their working lives. Reckless approaches to security, privacy and consumption of content will make them obvious targets for scammers, consequently threatening the information security of their employers.
Activists Expose Digital Ethics Abuse: Driven by huge investments in pervasive surveillance and tracking technologies, the ethical element of digital business will enter the spotlight. Activists will begin targeting organizations that they deem immoral, exposing unethical or exploitative practices surrounding the technologies they develop and who they are sold to. Employees motivated by ethical concerns will leak intellectual property, becoming whistle-blowers or withdrawing labor entirely. Brand reputations will suffer, as organizations that ignore their ethical responsibilities are placed under mounting pressure.
Preparation Must Begin Now
Information security professionals are facing increasingly complex threats—some new, others familiar but evolving. Their primary challenge remains unchanged; to help their organizations navigate mazes of uncertainty where, at any moment, they could turn a corner and encounter information security threats that inflict severe business impact.
In the face of mounting global threats, organization must make methodical and extensive commitments to ensure that practical plans are in place to adapt to major changes in the near future. Employees at all levels of the organization will need to be involved, from board members to managers in non-technical roles.
The three themes listed above could impact businesses operating in cyberspace at break-neck speeds, particularly as the use of the Internet and connected devices spreads. Many organizations will struggle to cope as the pace of change intensifies. These threats should stay on the radar of every organization, both small and large, even if they seem distant. The future arrives suddenly, especially when you aren’t prepared.
About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.